
Kansas City ISSA Newsletter

May 25, 2017. Topic: Making a Jump to Risk Management

Inside this issue:
President's Corner
Meeting Recap
Security/Privacy
Certification Corner
Chapter Membership
Save the Date
ISSA Journal
Webinar/Conferences
Upcoming Meetings
Event Sponsors

The President's Corner

Upcoming ISSA-KC Monthly Chapter Meeting Schedule
May 25, 2017: Topic: Making a Jump to Risk Management
June 22, 2017: More to come
July 27, 2017: More to come

Hello ISSA Kansas City Members!

Just a reminder, voting for the ISSA International Board Election will begin on June 5, 2017. Members in good standing will be contacted with voting instructions and a secure unique login on the date of the election. All ballots must be received by June 19, 2017 at 11:59 Eastern Time.

ISSA's path on becoming a CISO: you can join our monthly mentoring web series <Link>. The link has the list of meetings for 2017. Please also look at resources such as international conferences and seminars that offer educational programs, training, and valuable networking opportunities on the ISSA International site. Do you know ISSA members get 20% off MindEdge Learning as a member benefit? Use the code ISSA during checkout to receive the 20% discount on the courses.

ASIS International's 63rd Annual Seminar and Exhibits (ASIS 2017) and the co-located InfraGard and ISSA conferences are officially open at www.securityexpo.org. ASIS 2017 features a world-class education program with more than 180 sessions, panel discussions, and keynotes led by global thought leaders. In addition, partnerships with InfraGard and ISSA ensure a robust education lineup covering all aspects of cyber and operational security, as well as new learning formats and instructional methods.

Sincerely,
Naeem Babri
President, ISSA Kansas City

Volume 44, Issue 1, May 2017

ISSA KC May 2017 Chapter Meeting Recap

What is Crowdsourcing?

Simply defined, crowdsourcing represents the act of a company or institution taking a function once performed by employees and outsourcing it to an undefined (and generally large) network of people in the form of an open call. This can take the form of peer production (when the job is performed collaboratively), but is also often undertaken by sole individuals. The crucial prerequisite is the use of the open call format and the large network of potential laborers.

Crowdsourcing is a type of participative online activity in which an individual, an institution, a nonprofit organization, or a company proposes to a group of individuals of varying knowledge, heterogeneity, and number, via a flexible open call, the voluntary undertaking of a task. The undertaking of the task, of variable complexity and modularity, and in which the crowd should participate bringing their work, money, knowledge [and/or] experience, always entails mutual benefit. The user will receive the satisfaction of a given type of need, be it economic, social recognition, self-esteem, or the development of individual skills, while the crowdsourcer will obtain and use to their advantage that which the user has brought to the venture, whose form will depend on the type of activity undertaken.

"Crowdsourcing is channeling the experts' desire to solve a problem and then freely sharing the answer with everyone." (from the presentation)

ISSA - Conferences

Pictures from SecureWorld Expo

ISSA KC door prize (Bluetooth speaker) winner is Chris Armstrong. Congrats!

Security & Privacy Articles and News

WannaCrypt ransomware attack should make us wanna cry
By Alexander Urbelis
http://www.cnn.com/2017/05/14/opinions/wannacrypt-attack-should-make-us-wanna-cry-about-vulnerability-urbelis/index.html

On Friday, the world experienced the wrath of a well-coordinated ransomware attack known as WannaCrypt. The attack caused Britain's NHS to cancel surgeries, a wide array of Russian and Chinese private and public institutions to be crippled most of the day, and the rest of the world to recoil in shock. How could a single piece of malware that exploited a vulnerability identified long ago by the NSA and leaked last month by a group called the Shadow Brokers wreak so much havoc?

Before the malware could do damage in the United States, a lone British researcher known as MalwareTech serendipitously identified its kill switch -- the registration of a domain name -- while on vacation. The ease with which MalwareTech did this says a great deal about the poor state of the global information security industry and raises several important questions.

MalwareTech analyzed the malware in a testing environment and immediately noticed the code queried an improbable Internet domain name that did not exist. Domain names often function as malware command and control centers, so MalwareTech simply bought the domain name, which triggered the kill switch for WannaCrypt. This was incredibly lucky.

MalwareTech believes that the domain name was not intended as a kill switch but rather a mechanism by which the malware itself could identify whether it was being analyzed.

If the domain name were active, the malware would assume it was a false positive from a researcher disassembling its code, and WannaCrypt was designed to frustrate such analyses by shutting itself down. The fact that only a single domain name was coded into the malware meant that registering that domain name had the effect of shutting down WannaCrypt worldwide. In short, WannaCrypt's creators were lazy and the world lucked out. If WannaCrypt could be shut down so quickly and easily, why did it take so long for someone in this world to flip the kill switch, and what does this say about the state of global cyber preparedness?

First, it shows that the information security industry views cyberattacks more as a business development opportunity than as a chance to put their collective heads together to eliminate threats. Though there are undoubtedly professionals who share data unconditionally -- as MalwareTech himself did -- yesterday's events make it clear that the efforts of the information security community need greater alignment and that the world cannot rely on a combination of serendipity and lazy coding to prevent the next attack.

Second, we must ask whether WannaCrypt was merely a test of readiness. Perhaps the kill switch existed not out of laziness but as a deliberate act, one designed to test how long it would take to shut down the attack. On the other hand, perhaps the creators intended to gather intelligence on the extent and type of systems that could be affected by malware targeting aged operating systems like Windows XP, which developers do not regularly update or support. Alternatively, WannaCrypt could have been intended merely to demonstrate the moral hazard of governments that catalogue software vulnerabilities but do not notify software developers. Thus, WannaCrypt illustrated exactly what could happen if these vulnerabilities fall into the wrong hands.

WannaCrypt has generated much debate about the danger of state-sponsored cyberattacks. As a staunch privacy and security advocate, I believe the inclusion of government-mandated backdoors in applications or operating systems that could allow unfettered access to personal data or activities is not only unwise but entirely misguided. But if the 2016 election has taught us anything, we cannot deny that we live in a time that requires both offensive and defensive cyber capabilities.

Similarly, we cannot deny that we should be expecting more of software behemoths like Microsoft. We live in the era of big data, where all software is tracked. In the face of a software vulnerability that may bring a portion of the world to a halt, we should expect more than the timely release of a patch.

When critical systems rely on at-risk software, it is reasonable to expect that software developers like Microsoft, not governments, become more adept at notifying at-risk parties and ensuring systems become properly patched. Long-winded blog posts, emails, and available updates are unfortunately insufficient because many customers do not receive mainstream support or may not even know they are in possession of a vulnerable system.

On April 8, 2014, Microsoft ended its support of the Windows XP operating system, on which WannaCrypt relied to propagate, and yet institutions around the globe continue to use it. The world was quite different three years ago; the Internet of Things was a nascent but growing concept. Today the IoT is a major concern.

If we do not discover greater efficiencies to combat pernicious threats like WannaCrypt, and if we countenance the creation and abandonment of insecure software, we can expect to face a far greater cascade of threats that have the potential to cause significant digital and physical damage. And next time, we may not be so lucky.
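The single-domain check the article describes is worth seeing as a decision table, because the anti-analysis logic and the kill switch are literally the same branch. The following Python model is an added illustration for this newsletter; it is not code from the article, from MalwareTech's analysis, or from the malware itself. The domain name is a placeholder and the three "environments" are constructed stand-ins for the real Internet before registration, an analysis sandbox that answers every lookup, and the Internet after a defender registers and sinkholes the domain.

```python
"""Model of the single-domain 'kill switch' described in the article above.

As the article tells it: the worm queried one hard-coded domain; a successful
answer was taken to mean an analysis sandbox (which fakes every DNS reply) and
the sample shut itself down; no answer meant the real Internet, so it ran.
Registering the domain made the real Internet look like a sandbox everywhere
at once. Added illustration only, not code from the article or from
MalwareTech's analysis; the domain below is a placeholder, not the real one.
"""
from typing import Callable, Dict, Optional, Set

# Hypothetical placeholder for the hard-coded domain (assumption, not the actual indicator).
KILL_SWITCH_DOMAIN = "killswitch-placeholder.invalid"

# A resolver maps a hostname to an IP string, or None for "no such domain".
Resolver = Callable[[str], Optional[str]]


def should_payload_run(resolver: Resolver, domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """Return True if the sample would proceed, False if the check halts it.

    The check is as brittle as the article says: one hostname, no fallback,
    and any successful answer (from anyone) stops the payload.
    """
    try:
        answer = resolver(domain)
    except OSError:
        answer = None  # a network error looks like NXDOMAIN to this check
    return answer is None


# --- Constructed environments (sample data, not captured traffic) -----------

def internet_before_registration(host: str) -> Optional[str]:
    """Public DNS before anyone owned the domain: nothing resolves."""
    return None


def analysis_sandbox(host: str) -> Optional[str]:
    """Sandbox that answers every lookup so a sample's C2 traffic can be observed."""
    return "10.0.0.1"


def make_sinkholed_internet(registered: Set[str]) -> Resolver:
    """Public DNS after a defender registers and sinkholes the domain."""
    def resolve(host: str) -> Optional[str]:
        return "192.0.2.10" if host in registered else None
    return resolve


def decision_table() -> Dict[str, bool]:
    """The same check, evaluated in each environment; True means the payload runs."""
    return {
        "internet, domain unregistered": should_payload_run(internet_before_registration),
        "analysis sandbox": should_payload_run(analysis_sandbox),
        "internet, domain sinkholed": should_payload_run(
            make_sinkholed_internet({KILL_SWITCH_DOMAIN})),
    }


if __name__ == "__main__":
    for env, runs in decision_table().items():
        print(f"{env:30s} -> {'payload runs' if runs else 'exits'}")
```

The table makes the article's point concrete: from inside the sample, a sandbox that answers everything and an Internet on which the domain has just been registered are indistinguishable, and because only one hostname is consulted, one registration flips the outcome for every infected host at once. For a defender, the same property means a hard-coded check like this is a high-value indicator to pull from a sample and to watch for in DNS logs.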

ISSA Journal May 2017

May 2017, Volume 15, Issue 4

Feature articles include:
Recon and Respond to Malware Threats in the Cloud - By Ravi Balupari and Abhinav Singh, ISSA members, Silicon Valley Chapter
Best Practices When Implementing Web Application Scanning into an SDLC - By Matt Wilgus, ISSA member, Raleigh Chapter
Embracing Cloud Computing to Enhance Your Overall Security Posture - By Yuri Diogenes, ISSA Senior Member, Fort Worth Chapter
Security Assurance of Docker Containers, Part 2 - By Stefan Winkel, ISSA member, Silicon Valley Chapter

Members, please click on the following Journal issue links for access:
Computer: Bluetoad - PDF; Mobile: ePub - Mobi

Certification Corner

CISSP Study Group

What is the CISSP® (Certified Information Systems Security Professional)?

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience, and credibility to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.

Where: TEKsystems, 7421 W 129th Street, Suite 300, Overland Park, KS 66213
When: 2nd and 4th Mondays of each month, 6-8 PM
Contact: Mark Waugh (waughmarkr@gmail.com), 913-636-7900

Thanks,
Director of Education, Larry Dilley
certification@kcissa.org

Webinars/Conferences

INTERFACE
July 13, 2017 | Overland Park Convention Center | 8:30am - 4:45pm

Staying up to date with the technology that runs your organization and ensures a secure environment for your data and infrastructure is critical to your business. INTERFACE helps you meet these needs by providing quality, vendor-neutral educational seminars drawn from case studies and best practice examples from leaders in the field.

What is INTERFACE?

F2F Events, Inc. (F2F) produces CPE-accredited educational conferences for IT professionals focusing on the latest developments in information security, IT infrastructure, and communications. F2F's INTERFACE conference series is dedicated to providing both attending delegates and sponsors a strong return on their investment of time and resources. With a "by invitation-only" format, cutting-edge content, interactive labs & exhibits, and other complimentary delegate benefits (coffee, lunch, cocktails, etc.), INTERFACE has earned the reputation as "THE technology conference" for IT professionals across the country.

Overland Park Convention Center
Ballroom A-C
6000 College Boulevard
Overland Park, KS 66211
Register

ISSA Kansas City Chapter Membership

2017 Fellows Cycle is Now Open

The Fellow Program recognizes sustained membership and contributions to the profession. No more than 1% of members may hold Distinguished Fellow status at any given time. Fellow status will be limited to a maximum of 2% of the membership. Nominations and applications are accepted on an annual cycle. The next cycle will open December 2, 2016, and applications will be accepted until July 10, 2017 at 5:00pm Eastern Time. Following the application period there will be a ten-week review period, followed by the notification and presentation process. Fellows and Distinguished Fellows for the 2017 Cycle will be recognized at the 2017 ISSA International Conference. Submissions received after the deadline will not be considered.

Familiarize yourself with the Fellow Program and the submission guidelines. If you have questions, contact the Fellow Manager or call 866 349 5818 (US toll free), extension 4082.

Become a Senior Member

Any member can achieve Senior Member status, the first step in the Fellow Program. What are the criteria?
5 years of ISSA membership
10 years relevant professional experience

All Senior Member applications require an endorsement from their home chapter to qualify.
For your convenience, please feel free to use this Senior Member Application Checklist to confirm eligibility and completion of application.

Application forms:
Submit your application for Senior Member
Submit an endorsement on behalf of a Senior Member candidate

Fellow and Distinguished Fellow

Have you led an information security team or project for five or more years? Do you have at least eight years of ISSA membership and served for three years in a leadership role (as a chapter officer or Board member, or in an International role)? You may be eligible to become an ISSA Fellow or Distinguished Fellow. Please consult the Fellow Program Guidelines and use the current forms to ensure you comply with all requirements.

Fellow Qualifications
8 years of association membership
12 person-years of relevant professional experience
3 years of volunteer leadership in the association
5 years of significant performance in the profession, such as substantial job responsibilities in leading a team or project, performing research with some measure of success, or faculty developing and teaching courses
All Fellow applications require a nomination to qualify.
For your convenience, please feel free to use this Fellow Application Checklist to confirm eligibility and completion of application.

Application forms:
Submit your application for Fellow
Submit a nomination on behalf of a Fellow candidate
Submit a letter of recommendation on behalf of a Fellow candidate

Distinguished Fellow Qualifications
12 years association membership
16 person-years of relevant professional experience
5 years of sustained volunteer leadership in the association
10 years of documented exceptional service to the security community and a significant contribution to security posture or capability
All Distinguished Fellow applications require a nomination to qualify.
For your convenience, please feel free to use this Distinguished Fellow Application Checklist to confirm eligibility and completion of application.

Application forms:
Submit your application for Distinguished Fellow
Submit a nomination on behalf of a Distinguished Fellow candidate
Submit a letter of recommendation on behalf of a Distinguished Fellow candidate

Please send an email if you have any questions about the ISSA membership and benefits.

Thanks,
Membership Director, membership@kcissa.org

ISSA-Kansas City May Chapter Event

May 2017 ISSA Chapter Meeting

Topic: Making a Jump to Risk Management

Speaker: Jeffrey Blackmon; Co-Hosts: Cheryl Cooper and Naeem Babri

Bio: Jeffrey D. Blackmon, FBCI, CISSP, CBCP, ITIL(F). Jeff is owner/operator of Strategic Continuity Solutions LLC. His company provides consulting services in the following areas: Risk Management, Business Continuity, Security Planning, and Governance/Risk/Compliance (GRC).

Jeff has contracted with such companies as Presbyterian Healthcare Services, Bank of America, L-3 Communications, Library of Congress, SRA International, Midland Loan Processing, and BDM International. He has also worked internationally at Saudi Arabia Marketing and Refining (SAMAREC) and at the Royal Saudi Air Force Headquarters located in Riyadh.

He is a graduate of the University of Nebraska at Kearney with a double major in Math and Computer Science. He also graduated with honors from Keller Graduate School of Management with a Master's in Information Systems Management, emphasis in Security.

Brief Description of Topic: Discussion on Risk Management and the components of Security, Business Continuity, and Compliance. We will discuss the definitions of what is included within Risk Management, including the Emerging Risk Register and how to determine Risk Impact, Probability, and Severity. We will also demonstrate a quick example to show how all the components work together to form a final risk exposure value. This meeting will be more of a discussion than a presentation, so be prepared to jump in with questions and comments.

Location:
Hereford House
Town Center Plaza, 5001 Town Center Dr.
Leawood, KS 66211

Menu:
Salad. Choice of one: Beef, Chicken, or Salmon
Salad, Potato, Vegetable, Drink
Vegetarian option available; please note at registration.

Agenda:
11:30 AM - 12:00 PM: Greeting and registration
12:00 PM - 1:00 PM: Meeting & Presentation
1:00 PM - 1:30 PM: Questions, Answers & Networking

Price:
$20.00 for ISSA Members
$30.00 for Guests/Non-Members

Maximum Reservation: 35
Credit(s): 1 CPE credit

We look forward to seeing you at the event. If you have any questions about the event or how to register, please email our RSVP email or contact the venue for directions.

Register

The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications, and peer interaction opportunities that enhance the knowledge, skills, and professionalism of its members. The primary goal of ISSA is to promote management practices that will ensure the availability, integrity, and confidentiality of organizational resources.

President: Naeem Babri, president@kcissa.org
Vice President: Cheryl Cooper, vp@kcissa.org
Director of Social Media: Melissa Salazar, socialmedia@kcissa.org
Secretary of Board: Rochelle Boyd, secretary@kcissa.org
Newsletter Chief Editor: Cheryl Cooper, newsletter@kcissa.org
Treasurer: Gary Kretzer, treasurer@kcissa.org
Director of Membership: Wei Cheng, membership@kcissa.org
Director of Education: Larry Dilley, certification@kcissa.org
Director of Programs: Carmen Banks, programs@kcissa.org
Webmaster: Thomas Badgett, webmaster@kcissa.org
Director of Events: Dan Boethe, events@kcissa.org

Past Presidents: Bob Reese, Tom Stripling, Jeff Blackwood, Michelle Moloney

Page 2: Kansas City ISSA Newsletter - Constant Contactfiles.constantcontact.com/e6958e45101/a89aea7d-fc... · Upcoming ISSA-KC Monthly Chapter Meeting Schedule May 25, 2017 Topic: Making

2

What is Crowdsourcing

Simply defined crowdsourcing represents the act of a company or institution taking a function once performed by employees and

outsourcing it to an undefined (and generally large) network of people in the form of an open call This can take the form of peer-

production (when the job is performed collaboratively) but is also often undertaken by sole individuals The crucial prerequisite is the

use of the open call format and the large network of

potential laborers

Crowdsourcing is a type of participative online activity in

which an individual an institution a nonprofit organization

or company proposes to a group of individuals of varying

knowledge heterogeneity and number via a flexible open

call the voluntary undertaking of a task The undertaking of

the task of variable complexity and modularity and in

which the crowd should participate bringing their work

money knowledge [andor] experience always entails

mutual

benefit The user will receive the satisfaction of a given type

of need be it economic social recognition self-esteem or

the development of individual skills while the crowdsourcer

will obtain and use to their advantage that which the user has

brought to the venture whose form will depend on the type

of activity undertaken

Crowdsourcing is channeling the expertsrsquo desire to solve a

problem and then freely sharing the answer with everyone ==== from the presentation

Pictures from SecureWorld Expo

ISSA KC Door prize (Bluetooth Speaker) winner is Chris Armstrong Congrats

ISSA KC May 2017 Chapter Meeting Recap

ISSA - Conferences

3

WannaCrypt ransomware attack

should make us wanna cry By Alexander Urbelis

httpwwwcnncom20170514opinionswannacrypt-attack-

should-make-us-wanna-cry-about-vulnerability-urbelisindexhtml

On Friday the world experienced the wrath of a well-coordinated

ransomware attack known as WannaCrypt The attack caused Britains

NHS to cancel surgeries a wide array of Russian and Chinese private and public institutions to be crippled most of the

day and the rest of the world to recoil in shock How could a single piece of malware that exploited a vulnerability

identified long ago by the NSA and leaked last month by a group called the Shadow Brokers wreak so much havoc

Before the malware could do damage in the United States a lone British researcher known as MalwareTech

serendipitously identified its kill switch -- the registration of a domain name -- while on vacation The ease with which

MalwareTech did this says a great deal about the poor state of the global information security industry and raises several

important questions

MalwareTech analyzed the malware in a testing environment and immediately noticed the code queried an improbable

Internet domain name that did not exist Domain names often function as malware command and control centers so

MalwareTech simply bought the domain name which triggered the kill switch for WannaCrypt This was incredibly lucky

MalwareTech believes that the domain name was not intended as a kill switch but rather a mechanism by which the

malware itself could identify whether it was being analyzed

If the domain name were active the malware would assume it was a false positive from a researcher dissembling its code

and WannaCrypt was designed to frustrate such analyses by shutting itself down The fact that only a single domain name

was coded into the malware meant that registering that domain name had the effect of shutting down WannaCrypt

worldwide In short WannaCrypts creators were lazy and the world lucked out If WannaCrypt could be shut down so

quickly and easily why did it take so long for someone in this world to flip the kill switch and what does this say about

the state of global cyber preparedness

First it shows that the information security industry views cyberattacks more as a business development opportunity than

as a chance to put their collective heads together to eliminate threats Though there are undoubtedly professionals who

share data unconditionally -- as MalwareTech himself did -- yesterdays events make it clear that the efforts of the

information security community need greater alignment and that the world cannot rely on a combination of serendipity

and lazy coding to prevent the next attack

Second we must ask whether WannaCrypt was merely a test of readiness Perhaps the kill switch existed not out of

laziness but as a deliberate act one designed to test how long it would take to shut down the attack On the other hand

perhaps the creators intended to gather intelligence on the extent and type of systems that could be affected by malware

targeting aged operating systems like Windows XP which developers do not regularly update or support Alternatively

WannaCrypt could have been intended merely to demonstrate the moral hazard of governments that catalogue software

vulnerabilities but do not notify software developers Thus WannaCrypt illustrated exactly what could happen if these

vulnerabilities fall into the wrong hands

WannaCrypt has generated much debate about the danger of state-sponsored cyberattacks As a staunch privacy and

security advocate I believe the inclusion of government-mandated backdoors in applications or operating systems that

Security amp Privacy Articles and News

4

could allow unfettered access to personal data or activities are not only unwise but entirely misguided But if the 2016

election has taught us anything we cannot deny that we live in a time that requires both offensive and defensive cyber

capabilities

Similarly we cannot deny that we should be expecting more of software behemoths like Microsoft We live in the era of

big data where all software is tracked In the face of a software vulnerability that may bring a portion of the world to a

halt we should expect more than the timely release of a patch

When critical systems rely on at-risk software it is reasonable to expect that software developers like Microsoft not

governments become more adept at notifying at-risk parties and ensuring systems become properly patched Long-

winded blog posts emails and available updates are unfortunately insufficient because many customers do not receive

mainstream support or may not even know they are in possession of a vulnerable system

On April 8 2014 Microsoft ended its support of the Windows XP operating system on which WannaCrypt relied to

propagate and yet institutions around the globe continue to use it The world was quite different three years ago the

Internet of Things was a nascent but growing concept Today the IoT is a major concern

If we do not discover greater efficiencies to combat pernicious threats like WannaCrypt and if we countenance the

creation and abandonment of insecure software we can expect to face a far greater cascade of threats that have the

potential to cause significant digital and physical damage And next time we may not be so lucky

May 2017 Volume 15 - Issue 4

Feature articles include

Recon and Respond to Malware Threats in the Cloud - By Ravi Balupari and Abhinav Singh - ISSA member Silicon Valley

Chapter

Best Practices When Implementing Web Application Scanning into an SDLC - By Matt Wilgus - ISSA member Raleigh

Chapter

Embracing Cloud Computing to Enhance Your Overall Security Posture - By Yuri Diogenes - ISSA Senior Member Fort

Worth Chapter

Security Assurance of Docker Containers Part 2 - By Stefan Winkel - ISSA member Silicon Valley Chapter

Members please click on the following Journal issue links for access

Computer Bluetoad - PDF Mobile ePub - Mobi

CISSP Study Group

What is the CISSPreg (Certified Information Systems Security Professional)

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence skills

experience and credibility to design engineer implement and manage their overall information security program to protect

organizations from growing sophisticated attacks

Where TEKsystems 7421 W 129th Street Suite 300 Overland Park KS 66213

When 2nd and 4th Mondays of each month 6-8 PM

Contact Mark Waugh (waughmarkrgmailcom) 913-636-7900

Thanks

Director of Education Larry Dilley

certificationkcissaorg

ISSA Journal May 2017

Certification Corner

5

July 13 2017 | Overland Park Convention Center | 830am ndash 445pm

Staying up to date with the technology that runs your organization and ensures a secure environment for your data and infrastructure

are critical to your business INTERFACE helps you meet these needs by providing quality vendor-neutral educational seminars

drawn from case studies and best practice examples from leaders in the field

What is INTERFACE

F2F Events Inc (F2F) produces CPE-accredited educational conferences for IT professionals focusing on the latest developments in

information security IT infrastructure and communications F2Frsquos INTERFACE conference series is dedicated to providing both

attending delegates and sponsors a strong return on their investment of time and resources With a ldquoby invitation-onlyrdquo format

cutting-edge content interactive labs amp exhibits and other complimentary delegate benefits (coffee lunch cocktails etc)

INTERFACE has earned the reputation as ldquoTHE technology conferencerdquo for IT professionals across the country

Overland Park Convention Center

Ballroom A-C

6000 College Boulevard

Overland Park KS 66211 Register

2017 Fellows Cycle is Now Open

The Fellow Program recognizes sustained membership and contributions to the profession No more than 1 of members

may hold Distinguished Fellow status at any given time Fellow status will be limited to a maximum of 2 of the

membership Nominations and applications are accepted on an annual cycle The next cycle will open December 2

2016 and applications will be accepted until July 10 2017 at 500pm Eastern Time Following the application period

there will be a ten week review period followed by the notification and presentation process Fellows and Distinguished

Fellows for the 2017 Cycle will be recognized at the 2017 ISSA International Conference Submissions received after the

deadline will not be considered

Familiarize yourself with the Fellow Program and the submission guidelines If you have questions contact The Fellow

Manager or call 866 349 5818 (US toll free) extension 4082

Become a Senior Member

Any member can achieve Senior Member status the first step in the Fellow Program What are the criteria

5 years of ISSA membership

10 years relevant professional experience

WebinarsConferences

ISSA Kansas City Chapter Membership

6

All Senior Member applications require an endorsement from their home chapter to qualify

For your convenience please feel free to use this Senior Member Application Check-list to confirm eligibility

and completion of application

Application forms

Submit your application for Senior Member

Submit an endorsement on behalf of a Senior Member candidate

Fellow and Distinguished Fellow

Have you led an information security team or project for five or more years Do you have at least eight years of ISSA

membership and served for three years in a leadership role (as a chapter officer or Board member or in an International

role) You may be eligible to become an ISSA Fellow or Distinguished Fellow Please consult the Fellow Program

Guidelines and use the current forms to ensure you comply with all requirements

Fellow Qualifications

8 years of association membership

12 person-years of relevant professional experience

3 years of volunteer leadership in the association

5 years of significant performance in the profession, such as substantial job responsibilities in leading a team or project, performing research with some measure of success, or faculty developing and teaching courses

All Fellow applications require a nomination to qualify.

For your convenience, please feel free to use this Fellow Application Check-list to confirm eligibility and completion of application.

Application forms

Submit your application for Fellow

Submit a nomination on behalf of a Fellow candidate

Submit a letter of recommendation on behalf of a Fellow candidate

Distinguished Fellow Qualifications

12 years association membership

16 person-years of relevant professional experience

5 years of sustained volunteer leadership in the association

10 years of documented exceptional service to the security community and a significant contribution to security posture or capability

All Distinguished Fellow applications require a nomination to qualify.

For your convenience, please feel free to use this Distinguished Fellow Application Check-list to confirm eligibility and completion of application.

Application forms

Submit your application for Distinguished Fellow

Submit a nomination on behalf of a Distinguished Fellow candidate

Submit a letter of recommendation on behalf of a Distinguished Fellow candidate

Please send an email if you have any questions about ISSA membership and benefits.

Thanks,

Membership Director, membership@kcissa.org

ISSA-Kansas City May Chapter Event

May 2017 ISSA Chapter Meeting

Topic: Making a Jump to Risk Management

Speakers: Jeffrey Blackmon, with co-hosts Cheryl Cooper and Naeem Babri

Bio: Jeffrey D. Blackmon, FBCI, CISSP, CBCP, ITIL(F). Jeff is owner/operator of Strategic Continuity Solutions LLC. His company provides consulting services in the following areas: Risk Management, Business Continuity, Security Planning and Governance/Risk/Compliance (GRC).

Jeff has contracted with such companies as Presbyterian Healthcare Services, Bank of America, L-3 Communications, the Library of Congress, SRA International, Midland Loan Processing and BDM International. He has also worked internationally at Saudi Arabia Marketing and Refining (SAMAREC) and at the Royal Saudi Air Force Headquarters located in Riyadh.

He is a graduate of the University of Nebraska at Kearney with a double major in Math and Computer Science. He also graduated with honors from Keller Graduate School of Management with a Master's in Information Systems Management, with an emphasis in Security.

Brief Description of Topic: A discussion on Risk Management and its components: Security, Business Continuity and Compliance. We will discuss the definitions of what is included within Risk Management, including an Emerging Risk Register, and how to determine Risk Impact, Probability and Severity. We will also demonstrate a quick example to show how all the components work together to form a final risk exposure value. This meeting will be more of a discussion than a presentation, so be prepared to jump in with questions and comments.

Location:

Hereford House
Town Center Plaza, 5001 Town Center Dr
Leawood, KS 66211

Menu:

Choice of one: Beef, Chicken or Salmon
Salad, Potato, Vegetable, Drink
Vegetarian option available; please note at registration.

Agenda:

11:30 AM - 12:00 PM: Greeting and registration
12:00 PM - 1:00 PM: Meeting & Presentation
1:00 PM - 1:30 PM: Questions, Answers & Networking

Price:

$20.00 for ISSA Members
$30.00 for Guests/Non-Members

Maximum Reservation: 35

Credit(s): 1 CPE credit

We look forward to seeing you at the event. If you have any questions about the event or how to register, please email our RSVP email or contact the venue for directions.

Register


The Information Systems Security Association (ISSA) is an international organization providing educational forums, publications and peer interaction opportunities that enhance the knowledge, skills and professionalism of its members. The primary goal of ISSA is to promote management practices that will ensure the availability, integrity and confidentiality of organizational resources.

President: Naeem Babri, president@kcissa.org
Vice President: Cheryl Cooper, vp@kcissa.org
Director of Social Media: Melissa Salazar, socialmedia@kcissa.org
Secretary of Board: Rochelle Boyd, secretary@kcissa.org
Newsletter Chief Editor: Cheryl Cooper, newsletter@kcissa.org
Treasurer: Gary Kretzer, treasurer@kcissa.org
Director of Membership: Wei Cheng, membership@kcissa.org
Director of Education: Larry Dilley, certification@kcissa.org
Director of Programs: Carmen Banks, programs@kcissa.org
Webmaster: Thomas Badgett, webmaster@kcissa.org
Director of Events: Dan Boethe, events@kcissa.org

Past Presidents: Bob Reese, Tom Stripling, Jeff Blackwood, Michelle Moloney


Security & Privacy Articles and News

WannaCrypt ransomware attack should make us wanna cry
By Alexander Urbelis
http://www.cnn.com/2017/05/14/opinions/wannacrypt-attack-should-make-us-wanna-cry-about-vulnerability-urbelis/index.html

On Friday the world experienced the wrath of a well-coordinated ransomware attack known as WannaCrypt. The attack caused Britain's NHS to cancel surgeries, a wide array of Russian and Chinese private and public institutions to be crippled most of the day, and the rest of the world to recoil in shock. How could a single piece of malware, one that exploited a vulnerability identified long ago by the NSA and leaked last month by a group called the Shadow Brokers, wreak so much havoc?

Before the malware could do damage in the United States, a lone British researcher known as MalwareTech serendipitously identified its kill switch -- the registration of a domain name -- while on vacation. The ease with which MalwareTech did this says a great deal about the poor state of the global information security industry and raises several important questions.

MalwareTech analyzed the malware in a testing environment and immediately noticed that the code queried an improbable Internet domain name that did not exist. Domain names often function as malware command and control centers, so MalwareTech simply bought the domain name, which triggered the kill switch for WannaCrypt. This was incredibly lucky.

MalwareTech believes that the domain name was not intended as a kill switch but rather as a mechanism by which the malware itself could identify whether it was being analyzed. If the domain name were active, the malware would assume it was a false positive from a researcher disassembling its code, and WannaCrypt was designed to frustrate such analyses by shutting itself down. The fact that only a single domain name was coded into the malware meant that registering that domain name had the effect of shutting down WannaCrypt worldwide. In short, WannaCrypt's creators were lazy and the world lucked out. If WannaCrypt could be shut down so quickly and easily, why did it take so long for someone in this world to flip the kill switch, and what does this say about the state of global cyber preparedness?
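The check described above, written out as an added example: this is neither the article's text nor the malware's own code. It models the single-domain gate (look up one hard-coded name; a successful answer means "being analyzed", so stop; any failure means proceed) and then shows the triage a defender can run over resolver logs once that name has been registered and sinkholed. The domain (a reserved .invalid name that can never resolve), the log line format and the addresses are all placeholders constructed for the example; the real kill-switch domain is not printed on this page.

```python
"""
Added example (not from the article or from the malware): the kill-switch
check as a piece of logic, and a DNS-log triage that uses it the way a
defender would. Domain, log format and addresses are placeholders.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

# Placeholder: the article does not print the real domain, and a .invalid
# name is guaranteed never to resolve, so this cannot hit a live system.
KILL_SWITCH_DOMAIN = "kill-switch-placeholder.invalid"


def malware_gate(resolve: Callable[[str], Optional[str]],
                 domain: str = KILL_SWITCH_DOMAIN) -> str:
    """Model of the gate the article describes: one hard-coded domain is
    looked up; an answer is read as 'sandbox, stop', any failure lets the
    sample proceed. Returns 'exit' or 'proceed'."""
    return "exit" if resolve(domain) is not None else "proceed"


# Constructed resolver log format (one query per line); real resolvers differ.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) client (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"query (?P<qname>\S+) rcode (?P<rcode>NOERROR|NXDOMAIN|SERVFAIL|REFUSED)$"
)


@dataclass
class Finding:
    host: str
    rcode: str
    switch_fired: bool  # True only when the lookup succeeded (NOERROR)


def triage_dns_log(lines: Iterable[str],
                   domain: str = KILL_SWITCH_DOMAIN) -> Dict[str, Finding]:
    """Per source host, the last kill-switch query seen and whether the
    answer would have tripped the gate. Any query means the worm ran on
    that host; a non-NOERROR answer means the switch did not stop it."""
    findings: Dict[str, Finding] = {}
    target = domain.lower()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["qname"].rstrip(".").lower() != target:
            continue
        rcode = m["rcode"]
        findings[m["src"]] = Finding(m["src"], rcode, rcode == "NOERROR")
    return findings


def hosts_still_at_risk(findings: Dict[str, Finding]) -> List[str]:
    """Hosts whose lookup failed: on these the gate let the payload proceed,
    e.g. because an internal filter or blackhole DNS answered NXDOMAIN."""
    return sorted(h for h, f in findings.items() if not f.switch_fired)


# Constructed sample log: two workstations hit the switch, one unrelated query.
SAMPLE_LOG = [
    "2017-05-12T10:01:02Z client 10.0.1.15 query kill-switch-placeholder.invalid. rcode NOERROR",
    "2017-05-12T10:01:05Z client 10.0.1.22 query www.example.org. rcode NOERROR",
    "2017-05-12T10:02:17Z client 10.0.2.40 query kill-switch-placeholder.invalid. rcode NXDOMAIN",
    "2017-05-12T10:02:20Z client 10.0.1.15 query kill-switch-placeholder.invalid. rcode NOERROR",
]

if __name__ == "__main__":
    # Sinkhole registered and reachable: the gate exits. Unreachable: it proceeds.
    print(malware_gate(lambda d: "192.0.2.10"))  # exit
    print(malware_gate(lambda d: None))          # proceed
    results = triage_dns_log(SAMPLE_LOG)
    for host, f in sorted(results.items()):
        print(f"{host}: queried switch, rcode={f.rcode}, fired={f.switch_fired}")
    print("patch first:", hosts_still_at_risk(results))  # ['10.0.2.40']
```

Two things fall out of the logs that the prose only implies. Every host that queried the domain ran the worm and still needs patching, whether or not the switch fired. And a host whose lookup was answered NXDOMAIN (an internal DNS filter, a blackhole zone, an egress proxy that blocks unknown names) was not protected at all, because the gate only stops when the lookup succeeds. Blocking the domain at the perimeter is therefore the wrong response; let the lookup reach the sinkhole and alert on it.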

First, it shows that the information security industry views cyberattacks more as a business development opportunity than as a chance to put their collective heads together to eliminate threats. Though there are undoubtedly professionals who share data unconditionally -- as MalwareTech himself did -- yesterday's events make it clear that the efforts of the information security community need greater alignment, and that the world cannot rely on a combination of serendipity and lazy coding to prevent the next attack.

Second, we must ask whether WannaCrypt was merely a test of readiness. Perhaps the kill switch existed not out of laziness but as a deliberate act, one designed to test how long it would take to shut down the attack. On the other hand, perhaps the creators intended to gather intelligence on the extent and type of systems that could be affected by malware targeting aged operating systems like Windows XP, which developers do not regularly update or support. Alternatively, WannaCrypt could have been intended merely to demonstrate the moral hazard of governments that catalogue software vulnerabilities but do not notify software developers. Thus WannaCrypt illustrated exactly what could happen if these vulnerabilities fall into the wrong hands.

WannaCrypt has generated much debate about the danger of state-sponsored cyberattacks. As a staunch privacy and security advocate, I believe the inclusion of government-mandated backdoors in applications or operating systems that could allow unfettered access to personal data or activities is not only unwise but entirely misguided. But if the 2016 election has taught us anything, we cannot deny that we live in a time that requires both offensive and defensive cyber capabilities.

Similarly, we cannot deny that we should be expecting more of software behemoths like Microsoft. We live in the era of big data, where all software is tracked. In the face of a software vulnerability that may bring a portion of the world to a halt, we should expect more than the timely release of a patch.

When critical systems rely on at-risk software, it is reasonable to expect that software developers like Microsoft, not governments, become more adept at notifying at-risk parties and ensuring systems become properly patched. Long-winded blog posts, emails and available updates are unfortunately insufficient, because many customers do not receive mainstream support or may not even know they are in possession of a vulnerable system.

On April 8, 2014, Microsoft ended its support of the Windows XP operating system, on which WannaCrypt relied to propagate, and yet institutions around the globe continue to use it. The world was quite different three years ago; the Internet of Things was a nascent but growing concept. Today the IoT is a major concern.

If we do not discover greater efficiencies to combat pernicious threats like WannaCrypt, and if we countenance the creation and abandonment of insecure software, we can expect to face a far greater cascade of threats that have the potential to cause significant digital and physical damage. And next time we may not be so lucky.

ISSA Journal May 2017

May 2017, Volume 15 - Issue 4

Feature articles include:

Recon and Respond to Malware Threats in the Cloud - By Ravi Balupari and Abhinav Singh - ISSA members, Silicon Valley Chapter

Best Practices When Implementing Web Application Scanning into an SDLC - By Matt Wilgus - ISSA member, Raleigh Chapter

Embracing Cloud Computing to Enhance Your Overall Security Posture - By Yuri Diogenes - ISSA Senior Member, Fort Worth Chapter

Security Assurance of Docker Containers, Part 2 - By Stefan Winkel - ISSA member, Silicon Valley Chapter

Members, please click on the following Journal issue links for access:

Computer: Bluetoad - PDF. Mobile: ePub - Mobi.

Certification Corner

CISSP Study Group

What is the CISSP® (Certified Information Systems Security Professional)?

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence, skills, experience and credibility to design, engineer, implement and manage their overall information security program to protect organizations from growing sophisticated attacks.

Where: TEKsystems, 7421 W 129th Street, Suite 300, Overland Park, KS 66213

When: 2nd and 4th Mondays of each month, 6-8 PM

Contact: Mark Waugh (waughmarkr@gmail.com), 913-636-7900

Thanks,

Director of Education, Larry Dilley
certification@kcissa.org

Webinars/Conferences

July 13, 2017 | Overland Park Convention Center | 8:30am - 4:45pm

Staying up to date with the technology that runs your organization and ensuring a secure environment for your data and infrastructure are critical to your business. INTERFACE helps you meet these needs by providing quality, vendor-neutral educational seminars drawn from case studies and best-practice examples from leaders in the field.

What is INTERFACE?

F2F Events, Inc. (F2F) produces CPE-accredited educational conferences for IT professionals focusing on the latest developments in information security, IT infrastructure and communications. F2F's INTERFACE conference series is dedicated to providing both attending delegates and sponsors a strong return on their investment of time and resources. With a "by invitation-only" format, cutting-edge content, interactive labs & exhibits, and other complimentary delegate benefits (coffee, lunch, cocktails, etc.), INTERFACE has earned the reputation as "THE technology conference" for IT professionals across the country.

Overland Park Convention Center
Ballroom A-C
6000 College Boulevard
Overland Park, KS 66211

Register

2017 Fellows Cycle is Now Open

The Fellow Program recognizes sustained membership and contributions to the profession No more than 1 of members

may hold Distinguished Fellow status at any given time Fellow status will be limited to a maximum of 2 of the

membership Nominations and applications are accepted on an annual cycle The next cycle will open December 2

2016 and applications will be accepted until July 10 2017 at 500pm Eastern Time Following the application period

there will be a ten week review period followed by the notification and presentation process Fellows and Distinguished

Fellows for the 2017 Cycle will be recognized at the 2017 ISSA International Conference Submissions received after the

deadline will not be considered

Familiarize yourself with the Fellow Program and the submission guidelines If you have questions contact The Fellow

Manager or call 866 349 5818 (US toll free) extension 4082

Become a Senior Member

Any member can achieve Senior Member status the first step in the Fellow Program What are the criteria

5 years of ISSA membership

10 years relevant professional experience

WebinarsConferences

ISSA Kansas City Chapter Membership

6

All Senior Member applications require an endorsement from their home chapter to qualify

For your convenience please feel free to use this Senior Member Application Check-list to confirm eligibility

and completion of application

Application forms

Submit your application for Senior Member

Submit an endorsement on behalf of a Senior Member candidate

Fellow and Distinguished Fellow

Have you led an information security team or project for five or more years Do you have at least eight years of ISSA

membership and served for three years in a leadership role (as a chapter officer or Board member or in an International

role) You may be eligible to become an ISSA Fellow or Distinguished Fellow Please consult the Fellow Program

Guidelines and use the current forms to ensure you comply with all requirements

Fellow Qualifications

8 years of association membership

12 person-years of relevant professional experience

3 years of volunteer leadership in the association

5 years of significant performance in the profession such as substantial job responsibilities in leading a team or

project performing research with some measure of success or faculty developing and teaching courses

All Fellow applications require a nomination to qualify

For your convenience please feel free to use this Fellow Application Check-list to confirm eligibility and

completion of application

Application forms

Submit your application for Fellow

Submit a nomination on behalf of a Fellow candidate

Submit a letter of recommendation on behalf of a Fellow candidate

Distinguished Fellow Qualifications

12 years association membership

16 person-years of relevant professional experience

5 years of sustained volunteer leadership in the association

10 years of documented exceptional service to the security community and a significant contribution to security

posture or capability

All Distinguished Fellow applications require a nomination to qualify

For your convenience please feel free to use this Distinguished Fellow Application Check-list to confirm

eligibility and completion of application

Application forms

Submit your application for Distinguished Fellow

Submit a nomination on behalf of a Distinguished Fellow candidate

Submit a letter of recommendation on behalf of a Distinguished Fellow candidate

Please send an email if you have any questions about the ISSA membership and benefits

Thanks

Membership Director membershipkcissaorg

ISSA-Kansas City May Chapter Event

May 2017 ISSA Chapter Meeting

7

Topic Making a Jump to Risk Management

Speakers Jeffrey Blackmon and Co-Hosts Cheryl Cooper and Naeem Babri

Bio Jeffrey D Blackmon FBCI CISSP CBCP ITIL(F) Jeff is owner operator of Strategic Continuity Solutions LLC His company provides consulting

services in the following areas of Risk management Business Continuity Security Planning and

GovernanceRiskCompliance (GRC)

Jeff has contracted with such companies as Presbyterian Healthcare Services Bank of America L-3

Communications Library of Congress SRA international Midland Loan Processing and BDM

International He has also worked internationally at Saudi Arabia Marketing and Refining (SAMAREC)

and at the Royal Saudi Air Force Headquarters located in Riyadh

He is a graduate from University of Nebraska at Kearney with a double major in Math and Computer

Science He also has graduated with honors from Keller Graduate School of Management with a

Masters in Information Systems Management emphasis in Security

Brief Description of Topic Discussion on Risk Management and the components of Security Business Continuity and

Compliance We will discuss the definitions of what is included within Risk Management including Emerging Risk Register how

to determine Risk Impact Probability and Severity We will also demonstrate a quick example to show how all the components

work together to form a final risk exposure value This meeting will be more of a discussion than presentation so be prepared to

jump in with questions and comments

Location

Hereford House

Town Center Plaza 5001 Town Center Dr

Leawood KS 66211

Menu

Salad Choice of one Beef Chicken or Salmon

Salad Potato Vegetable Drink

Vegetarian option available please note at registration

Agenda

1130 AM - 1200 PM Greeting and registration

1200 PM - 100 PM - Meeting amp Presentation

100 PM - 130 PM - Questions Answers amp Networking

Price

$2000 for ISSA Members

$3000 for GuestsNon-Members

Maximum Reservation 35

Credit(s) 1 CPE credit

We look forward to seeing you at the event If you have any questions about the event or how to register please email our RSVP

email or contact the venue for directions

Register

8

The Information Systems Security Association (ISSA) is an

international organization providing educational forums publications and peer interaction opportunities that enhance the knowledge skills and professionalism The primary goal of ISSA is to promote management practices that will

ensure availability integrity and confidentiality of organizational resources

President Naeem Babri presidentkcissaorg Vice President Cheryl Cooper mailtovpkcissaorg Director of Social Media Melissa Salazar socialmediakcissaorg Secretary of Board Rochelle Boyd secretarykcissaorg

Newsletter Chief Editor Cheryl Cooper newsletterkcissaorg Treasurer Gary Kretzer treasurerkcissaorg Director of Membership Wei Cheng membershipkcissaorg Director of Education Larry Dilley certificationkcissaorg

Director of Programs Carmen Banks programskcissaorg Webmaster Thomas Badgett webmasterkcissaorg Director of Events

Dan Boethe eventskcissaorg

Past Presidents Bob Reese Tom Stripling Jeff Blackwood Michelle Moloney

Page 4: Kansas City ISSA Newsletter - Constant Contactfiles.constantcontact.com/e6958e45101/a89aea7d-fc... · Upcoming ISSA-KC Monthly Chapter Meeting Schedule May 25, 2017 Topic: Making

4

could allow unfettered access to personal data or activities are not only unwise but entirely misguided But if the 2016

election has taught us anything we cannot deny that we live in a time that requires both offensive and defensive cyber

capabilities

Similarly we cannot deny that we should be expecting more of software behemoths like Microsoft We live in the era of

big data where all software is tracked In the face of a software vulnerability that may bring a portion of the world to a

halt we should expect more than the timely release of a patch

When critical systems rely on at-risk software it is reasonable to expect that software developers like Microsoft not

governments become more adept at notifying at-risk parties and ensuring systems become properly patched Long-

winded blog posts emails and available updates are unfortunately insufficient because many customers do not receive

mainstream support or may not even know they are in possession of a vulnerable system

On April 8 2014 Microsoft ended its support of the Windows XP operating system on which WannaCrypt relied to

propagate and yet institutions around the globe continue to use it The world was quite different three years ago the

Internet of Things was a nascent but growing concept Today the IoT is a major concern

If we do not discover greater efficiencies to combat pernicious threats like WannaCrypt and if we countenance the

creation and abandonment of insecure software we can expect to face a far greater cascade of threats that have the

potential to cause significant digital and physical damage And next time we may not be so lucky

May 2017 Volume 15 - Issue 4

Feature articles include

Recon and Respond to Malware Threats in the Cloud - By Ravi Balupari and Abhinav Singh - ISSA member Silicon Valley

Chapter

Best Practices When Implementing Web Application Scanning into an SDLC - By Matt Wilgus - ISSA member Raleigh

Chapter

Embracing Cloud Computing to Enhance Your Overall Security Posture - By Yuri Diogenes - ISSA Senior Member Fort

Worth Chapter

Security Assurance of Docker Containers Part 2 - By Stefan Winkel - ISSA member Silicon Valley Chapter

Members please click on the following Journal issue links for access

Computer Bluetoad - PDF Mobile ePub - Mobi

CISSP Study Group

What is the CISSPreg (Certified Information Systems Security Professional)

The vendor-neutral CISSP certification is the ideal credential for those with proven deep technical and managerial competence skills

experience and credibility to design engineer implement and manage their overall information security program to protect

organizations from growing sophisticated attacks

Where TEKsystems 7421 W 129th Street Suite 300 Overland Park KS 66213

When 2nd and 4th Mondays of each month 6-8 PM

Contact Mark Waugh (waughmarkrgmailcom) 913-636-7900

Thanks

Director of Education Larry Dilley

certificationkcissaorg

ISSA Journal May 2017

Certification Corner

5

July 13 2017 | Overland Park Convention Center | 830am ndash 445pm

Staying up to date with the technology that runs your organization and ensures a secure environment for your data and infrastructure

are critical to your business INTERFACE helps you meet these needs by providing quality vendor-neutral educational seminars

drawn from case studies and best practice examples from leaders in the field

What is INTERFACE

F2F Events Inc (F2F) produces CPE-accredited educational conferences for IT professionals focusing on the latest developments in

information security IT infrastructure and communications F2Frsquos INTERFACE conference series is dedicated to providing both

attending delegates and sponsors a strong return on their investment of time and resources With a ldquoby invitation-onlyrdquo format

cutting-edge content interactive labs amp exhibits and other complimentary delegate benefits (coffee lunch cocktails etc)

INTERFACE has earned the reputation as ldquoTHE technology conferencerdquo for IT professionals across the country

Overland Park Convention Center

Ballroom A-C

6000 College Boulevard

Overland Park KS 66211 Register

2017 Fellows Cycle is Now Open

The Fellow Program recognizes sustained membership and contributions to the profession No more than 1 of members

may hold Distinguished Fellow status at any given time Fellow status will be limited to a maximum of 2 of the

membership Nominations and applications are accepted on an annual cycle The next cycle will open December 2

2016 and applications will be accepted until July 10 2017 at 500pm Eastern Time Following the application period

there will be a ten week review period followed by the notification and presentation process Fellows and Distinguished

Fellows for the 2017 Cycle will be recognized at the 2017 ISSA International Conference Submissions received after the

deadline will not be considered

Familiarize yourself with the Fellow Program and the submission guidelines If you have questions contact The Fellow

Manager or call 866 349 5818 (US toll free) extension 4082

Become a Senior Member

Any member can achieve Senior Member status the first step in the Fellow Program What are the criteria

5 years of ISSA membership

10 years relevant professional experience

WebinarsConferences

ISSA Kansas City Chapter Membership

6

All Senior Member applications require an endorsement from their home chapter to qualify

For your convenience please feel free to use this Senior Member Application Check-list to confirm eligibility

and completion of application

Application forms

Submit your application for Senior Member

Submit an endorsement on behalf of a Senior Member candidate

Fellow and Distinguished Fellow

Have you led an information security team or project for five or more years Do you have at least eight years of ISSA

membership and served for three years in a leadership role (as a chapter officer or Board member or in an International

role) You may be eligible to become an ISSA Fellow or Distinguished Fellow Please consult the Fellow Program

Guidelines and use the current forms to ensure you comply with all requirements

Fellow Qualifications

8 years of association membership

12 person-years of relevant professional experience

3 years of volunteer leadership in the association

5 years of significant performance in the profession such as substantial job responsibilities in leading a team or

project performing research with some measure of success or faculty developing and teaching courses

All Fellow applications require a nomination to qualify

For your convenience please feel free to use this Fellow Application Check-list to confirm eligibility and

completion of application

Application forms

Submit your application for Fellow

Submit a nomination on behalf of a Fellow candidate

Submit a letter of recommendation on behalf of a Fellow candidate

Distinguished Fellow Qualifications

12 years association membership

16 person-years of relevant professional experience

5 years of sustained volunteer leadership in the association

10 years of documented exceptional service to the security community and a significant contribution to security

posture or capability

All Distinguished Fellow applications require a nomination to qualify

For your convenience please feel free to use this Distinguished Fellow Application Check-list to confirm

eligibility and completion of application

Application forms

Submit your application for Distinguished Fellow

Submit a nomination on behalf of a Distinguished Fellow candidate

Submit a letter of recommendation on behalf of a Distinguished Fellow candidate

Please send an email if you have any questions about the ISSA membership and benefits

Thanks

Membership Director membershipkcissaorg

ISSA-Kansas City May Chapter Event

May 2017 ISSA Chapter Meeting

7

Topic Making a Jump to Risk Management

Speakers Jeffrey Blackmon and Co-Hosts Cheryl Cooper and Naeem Babri

Bio Jeffrey D Blackmon FBCI CISSP CBCP ITIL(F) Jeff is owner operator of Strategic Continuity Solutions LLC His company provides consulting

services in the following areas of Risk management Business Continuity Security Planning and

GovernanceRiskCompliance (GRC)

Jeff has contracted with such companies as Presbyterian Healthcare Services Bank of America L-3

Communications Library of Congress SRA international Midland Loan Processing and BDM

International He has also worked internationally at Saudi Arabia Marketing and Refining (SAMAREC)

and at the Royal Saudi Air Force Headquarters located in Riyadh

He is a graduate from University of Nebraska at Kearney with a double major in Math and Computer

Science He also has graduated with honors from Keller Graduate School of Management with a

Masters in Information Systems Management emphasis in Security

Brief Description of Topic Discussion on Risk Management and the components of Security Business Continuity and

Compliance We will discuss the definitions of what is included within Risk Management including Emerging Risk Register how

to determine Risk Impact Probability and Severity We will also demonstrate a quick example to show how all the components

work together to form a final risk exposure value This meeting will be more of a discussion than presentation so be prepared to

jump in with questions and comments

Location

Hereford House

Town Center Plaza 5001 Town Center Dr

Leawood KS 66211

Menu

Salad Choice of one Beef Chicken or Salmon

Salad Potato Vegetable Drink

Vegetarian option available please note at registration

Agenda

1130 AM - 1200 PM Greeting and registration

1200 PM - 100 PM - Meeting amp Presentation

100 PM - 130 PM - Questions Answers amp Networking

Price

$2000 for ISSA Members

$3000 for GuestsNon-Members

Maximum Reservation 35

Credit(s) 1 CPE credit

We look forward to seeing you at the event If you have any questions about the event or how to register please email our RSVP

email or contact the venue for directions

Register

8

The Information Systems Security Association (ISSA) is an

international organization providing educational forums publications and peer interaction opportunities that enhance the knowledge skills and professionalism The primary goal of ISSA is to promote management practices that will

ensure availability integrity and confidentiality of organizational resources

President Naeem Babri presidentkcissaorg Vice President Cheryl Cooper mailtovpkcissaorg Director of Social Media Melissa Salazar socialmediakcissaorg Secretary of Board Rochelle Boyd secretarykcissaorg

Newsletter Chief Editor Cheryl Cooper newsletterkcissaorg Treasurer Gary Kretzer treasurerkcissaorg Director of Membership Wei Cheng membershipkcissaorg Director of Education Larry Dilley certificationkcissaorg

Director of Programs Carmen Banks programskcissaorg Webmaster Thomas Badgett webmasterkcissaorg Director of Events

Dan Boethe eventskcissaorg

Past Presidents Bob Reese Tom Stripling Jeff Blackwood Michelle Moloney

Page 5: Kansas City ISSA Newsletter - Constant Contactfiles.constantcontact.com/e6958e45101/a89aea7d-fc... · Upcoming ISSA-KC Monthly Chapter Meeting Schedule May 25, 2017 Topic: Making

5

Webinars/Conferences

July 13, 2017 | Overland Park Convention Center | 8:30am – 4:45pm

Staying up to date with the technology that runs your organization and ensuring a secure environment for your data and infrastructure are critical to your business. INTERFACE helps you meet these needs by providing quality, vendor-neutral educational seminars drawn from case studies and best-practice examples from leaders in the field.

What is INTERFACE?

F2F Events, Inc. (F2F) produces CPE-accredited educational conferences for IT professionals, focusing on the latest developments in information security, IT infrastructure, and communications. F2F's INTERFACE conference series is dedicated to providing both attending delegates and sponsors a strong return on their investment of time and resources. With a "by invitation-only" format, cutting-edge content, interactive labs and exhibits, and other complimentary delegate benefits (coffee, lunch, cocktails, etc.), INTERFACE has earned the reputation as "THE technology conference" for IT professionals across the country.

Overland Park Convention Center
Ballroom A-C
6000 College Boulevard
Overland Park, KS 66211

Register

2017 Fellows Cycle is Now Open

The Fellow Program recognizes sustained membership and contributions to the profession. No more than 1% of members may hold Distinguished Fellow status at any given time. Fellow status will be limited to a maximum of 2% of the membership. Nominations and applications are accepted on an annual cycle. The next cycle will open December 2, 2016, and applications will be accepted until July 10, 2017 at 5:00pm Eastern Time. Following the application period, there will be a ten-week review period followed by the notification and presentation process. Fellows and Distinguished Fellows for the 2017 Cycle will be recognized at the 2017 ISSA International Conference. Submissions received after the deadline will not be considered.

Familiarize yourself with the Fellow Program and the submission guidelines. If you have questions, contact The Fellow Manager or call 866 349 5818 (US toll free), extension 4082.

Become a Senior Member

Any member can achieve Senior Member status, the first step in the Fellow Program. What are the criteria?

5 years of ISSA membership
10 years of relevant professional experience

ISSA Kansas City Chapter Membership

All Senior Member applications require an endorsement from their home chapter to qualify.

For your convenience, please feel free to use this Senior Member Application Check-list to confirm eligibility and completion of application.

Application forms
Submit your application for Senior Member
Submit an endorsement on behalf of a Senior Member candidate

Fellow and Distinguished Fellow

Have you led an information security team or project for five or more years? Do you have at least eight years of ISSA membership and served for three years in a leadership role (as a chapter officer or Board member, or in an International role)? You may be eligible to become an ISSA Fellow or Distinguished Fellow. Please consult the Fellow Program Guidelines and use the current forms to ensure you comply with all requirements.

Fellow Qualifications
8 years of association membership
12 person-years of relevant professional experience
3 years of volunteer leadership in the association
5 years of significant performance in the profession, such as substantial job responsibilities in leading a team or project, performing research with some measure of success, or faculty developing and teaching courses

All Fellow applications require a nomination to qualify.

For your convenience, please feel free to use this Fellow Application Check-list to confirm eligibility and completion of application.

Application forms
Submit your application for Fellow
Submit a nomination on behalf of a Fellow candidate
Submit a letter of recommendation on behalf of a Fellow candidate

Distinguished Fellow Qualifications
12 years of association membership
16 person-years of relevant professional experience
5 years of sustained volunteer leadership in the association
10 years of documented exceptional service to the security community and a significant contribution to security posture or capability

All Distinguished Fellow applications require a nomination to qualify.

For your convenience, please feel free to use this Distinguished Fellow Application Check-list to confirm eligibility and completion of application.

Application forms
Submit your application for Distinguished Fellow
Submit a nomination on behalf of a Distinguished Fellow candidate
Submit a letter of recommendation on behalf of a Distinguished Fellow candidate

Please send an email if you have any questions about the ISSA membership and benefits.

Thanks,
Membership Director, membership@kcissa.org

ISSA-Kansas City May Chapter Event

May 2017 ISSA Chapter Meeting

Topic: Making a Jump to Risk Management

Speakers: Jeffrey Blackmon, with Co-Hosts Cheryl Cooper and Naeem Babri

Bio: Jeffrey D. Blackmon, FBCI, CISSP, CBCP, ITIL(F). Jeff is owner/operator of Strategic Continuity Solutions, LLC. His company provides consulting services in the following areas: Risk Management, Business Continuity, Security Planning, and Governance/Risk/Compliance (GRC).

Jeff has contracted with such companies as Presbyterian Healthcare Services, Bank of America, L-3 Communications, Library of Congress, SRA International, Midland Loan Processing, and BDM International. He has also worked internationally at Saudi Arabia Marketing and Refining (SAMAREC) and at the Royal Saudi Air Force Headquarters located in Riyadh.

He is a graduate of the University of Nebraska at Kearney with a double major in Math and Computer Science. He also graduated with honors from Keller Graduate School of Management with a Master's in Information Systems Management, with an emphasis in Security.

Brief Description of Topic: A discussion of Risk Management and its components: Security, Business Continuity, and Compliance. We will discuss the definitions of what is included within Risk Management, including the Emerging Risk Register and how to determine Risk Impact, Probability, and Severity. We will also demonstrate a quick example to show how all the components work together to form a final risk exposure value. This meeting will be more of a discussion than a presentation, so be prepared to jump in with questions and comments.
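The topic description above mentions determining Risk Impact, Probability, and Severity and combining them into a final risk exposure value. The following is an added example, not the speaker's material or any chapter code: a small risk register in Python that scores each risk as impact multiplied by probability on assumed 1-5 scales, maps the score to an assumed severity band, keeps emerging (not yet fully assessed) risks on their own list, and ranks the register so the highest exposure items surface first. The scales, the multiplicative formula, the band thresholds, and the sample register are all assumptions constructed for illustration.

```python
"""Qualitative risk register with exposure scoring.

Added example (not the speaker's material): scores each risk as
impact x probability on 1-5 scales, maps the score to a severity band,
and ranks the register so the highest exposure items surface first.
The scales, the multiplicative formula and the band thresholds are
assumptions chosen for illustration; adapt them to your own methodology.
"""
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    component: str          # e.g. "Security", "Business Continuity", "Compliance"
    impact: int             # 1 (negligible) .. 5 (catastrophic), assumed scale
    probability: int        # 1 (rare) .. 5 (almost certain), assumed scale
    emerging: bool = False  # newly identified; tracked separately until fully assessed

    def __post_init__(self):
        # Reject scores outside the assumed 1..5 scales early, before they
        # can distort the register's ranking or totals.
        for attr in ("impact", "probability"):
            value = getattr(self, attr)
            if not 1 <= value <= 5:
                raise ValueError(f"{attr} must be in 1..5, got {value}")


SEVERITY_BANDS = [  # (lower bound on exposure, label); assumed thresholds
    (15, "Critical"),
    (10, "High"),
    (5, "Medium"),
    (1, "Low"),
]


def exposure(risk: Risk) -> int:
    """Risk exposure = impact x probability (assumed convention), range 1..25."""
    return risk.impact * risk.probability


def severity(score: int) -> str:
    """Map an exposure score to the first band whose lower bound it meets."""
    for lower, label in SEVERITY_BANDS:
        if score >= lower:
            return label
    raise ValueError(f"exposure out of range: {score}")


def rank_register(register):
    """Return (name, exposure, severity) tuples, highest exposure first.

    Ties are broken by name so the ordering is stable across runs.
    """
    scored = [(r.name, exposure(r), severity(exposure(r))) for r in register]
    return sorted(scored, key=lambda t: (-t[1], t[0]))


def total_exposure(register) -> int:
    """Sum of exposure over the register: one number to track over time."""
    return sum(exposure(r) for r in register)


def emerging_register(register):
    """Names of emerging risks, kept on their own list until fully assessed."""
    return [r.name for r in register if r.emerging]


# Constructed sample register (hypothetical entries, not from the talk)
SAMPLE_REGISTER = [
    Risk("Ransomware on file servers", "Security", impact=5, probability=3),
    Risk("Primary data centre power loss", "Business Continuity", impact=4, probability=2),
    Risk("Missed audit evidence deadline", "Compliance", impact=2, probability=4),
    Risk("Vendor API deprecation", "Business Continuity", impact=3, probability=1, emerging=True),
]

if __name__ == "__main__":
    for name, score, band in rank_register(SAMPLE_REGISTER):
        print(f"{score:2d} {band:8s} {name}")
    print("total exposure:", total_exposure(SAMPLE_REGISTER))
    print("emerging:", emerging_register(SAMPLE_REGISTER))
```

Keeping the formula and thresholds as named constants makes the methodology visible to reviewers, and the range check on construction means a mis-keyed score fails loudly instead of silently pushing a risk up or down the ranking.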

Location
Hereford House
Town Center Plaza, 5001 Town Center Dr.
Leawood, KS 66211

Menu
Salad; choice of one: Beef, Chicken, or Salmon
Salad, Potato, Vegetable, Drink
Vegetarian option available; please note at registration.

Agenda
11:30 AM - 12:00 PM - Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking

Price
$20.00 for ISSA Members
$30.00 for Guests/Non-Members

Maximum Reservation: 35
Credit(s): 1 CPE credit

We look forward to seeing you at the event. If you have any questions about the event or how to register, please email our RSVP address or contact the venue for directions.

Register
